Data Privacy

Status: 10.10.2025

1. Privacy policy for the credi2 website

Credi2 GmbH, Mariahilfer Straße 41-43/B6, A-1060 Vienna is the controller with regard to any data processing on the Credi2 website.

Credi2 processes personal data in accordance with the legal requirements of the General Data Protection Regulation (GDPR), the Austrian Data Protection Act (DSG), the applicable data protection regulations of the Austrian Telecommunications Act (TKG 2021) and other relevant laws and regulations as amended from time to time.

2. Visiting our website – provision of content

Visiting the website www.credi2.com is generally possible without providing personal data to us. We only store technical access data without direct reference to identified persons.

When you access our website, the browser used on your end device sends certain information to the server of our website for technical reasons, for example your IP address. We process this information to provide you with the website content that you have accessed. To ensure the security of the IT infrastructure used to provide the website, this information is also temporarily stored in a so-called web server log file.

For this purpose, we process so-called HTTP data, which are technically generated when the website is opened via the Hypertext Transfer Protocol (Secure) (HTTP(S)). This includes the IP address, type and version of your Internet browser, the operating system used, the page accessed, the previously visited page (referrer URL), date and time of access.

In the event of security incidents or for the purpose of asserting legal claims, the technical data may be combined with other data in order to determine a person’s identity.

The legal basis of the processing is our legitimate interest (Article 6 para 1 lit f GDPR). Our legitimate interest is the provision of the content and security of the website accessed by you.

The data is stored in server log files in a form that allows the identification of the data subjects for a maximum period of 7 days, unless a security-relevant event occurs (e.g. a DDoS attack) or we become aware of a legal violation that we want to pursue. In the event of a security-relevant event or legal violation, we store server log files until the security event has been investigated and resolved or until conclusion of the legal proceedings.

3. Use of cookies

Cookies are small text files that websites store on a user’s device and that allow the recognition of the internet browser. We use cookies to make the visit to our website as attractive as possible, to enable the use of certain functions and to increase user-friendliness.

We only use cookies,

  • if you have consented to this, or
  • if the cookie is used for the sole purpose of transmitting a message over an electronic communications network, or
  • if the use of the cookie is absolutely necessary so that a service expressly requested by you can be made available.

Please find a list of all cookies that we may use on our website in section 4 of this privacy policy. 

3.1 Cookie settings

If the use of cookies and comparable technologies (hereinafter jointly referred to as cookies) requires the consent of the user, we will only set such cookies after you have given your consent. 

When you visit our website, we display a “cookie dashboard” where you can configure your cookie settings. This “cookie dashboard” is always accessible to you via the “Cookie Settings” in the footer of the website. You have the option to accept all cookies, make an individual selection or reject all cookies. In the “cookie dashboard”, you also have the option to individually adjust the selection you have made or withdraw your consent. 

We store information on your consent and, if applicable, your individual selection of cookies in the form of a separate cookie (“opt-in cookie”) on your device in order to be able to determine whether you have already given your consent.

We use OT Technology (OneTrust) Spain, SL Pl. Pablo Ruiz Picasso, 11, Planta 3, Tetuán, 8020 Madrid, Spain as a service provider for our “cookie dashboard”. The agreement with OneTrust ensures that the data of the “cookie dashboard” and the “opt-in cookie” are stored exclusively on servers in the EU. All data processed in connection with the configuration of the “cookie dashboard” and the “opt-in cookie” will be stored for 3 years from (i) your first visit to our website, or (ii) the change of your cookie configuration, and will then be deleted.

Strictly necessary cookies cannot be rejected on this website. However, you can generally disable these cookies in your browser setup at any time.

The legal basis of the processing for the “opt-in cookie” as well as for strictly necessary cookies is § 165 para 3 TKG 2021 or Article 5 para 3 of the DIRECTIVE 2002/58/EC and our legitimate interest (Article 6 para 1 lit f GDPR) to provide you with the content you have accessed on the website and to manage your cookie consents and configurations in accordance with the GDPR principle of accountability.

For all other cookies, the legal basis of the processing is your consent (Article 6 para 1 lit a GDPR). You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before withdrawal.

3.2 Cookies from credi2 (“First Party Cookies”)

We may use “session cookies”, which are required in particular to assign the entries you make on our website to you for the entire duration of the use of our website. These cookies are automatically deleted from your device after the end of your use of our website (end of the session).

In addition, we may use “persistent cookies” (permanent cookies), which can remain on your device for a longer period of time (which is specified in our cookie list below) to automatically recognize you on a subsequent visit. These cookies are automatically deleted after they have expired.

3.3 Cookies from other providers (“Third Party Cookies”)

We may also use cookies offered by contractual partners (“third-party cookies”). Through the use of cookies, credi2 receives information about which information on the credi2 website interests the respective user. These cookies are stored on your device by the respective contractual partner and are automatically deleted after a certain period of time. We do not receive personally identifiable information from our partner’s use of such cookies, but our partner may be able to identify its users as set forth in the partner’s applicable privacy policy. 

4. Cookie list

We use the following cookies on our website:

| Cookie | Domain | Description | Duration | Type |
|---|---|---|---|---|
| __cf_bm | .cookiepro.com | This cookie, set by Cloudflare, is used to support Cloudflare Bot Management. | 1 hour | Necessary |
| _gcl_au | .credi2.com | Google Tag Manager sets this cookie to experiment advertisement efficiency of websites using their services. | 3 months | Advertisement |
| OptanonConsent | .www.credi2.com | OneTrust sets this cookie to store details about the site's cookie category and check whether visitors have given or withdrawn consent from the use of each category. | 1 year | Necessary |
| _gcl_ls | credi2.com | Google Tag Manager conversion linker. | max. | Other |
| nlS | credi2.com | OneTrust National Language Support. | session | Other |

5. LinkedIn

Credi2 GmbH operates a LinkedIn page and acts as a controller for the processing of personal data on that page with regard to your activities, such as likes, posts or comments. We use our LinkedIn company page to inform about us and our job postings and to get in touch with applicants. Furthermore, we use it to provide information about us and our products or services and to contact and communicate with users. 

We also receive aggregated (anonymous) statistics from LinkedIn, which are generated by LinkedIn and processed on LinkedIn servers when people interact with pages and their associated content (LinkedIn Page Insights). 

When processing personal data on our LinkedIn pages as part of LinkedIn Page Insights, we are joint controllers with LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland). This means that LinkedIn and we jointly determine the purposes and means of this processing.

LinkedIn assumes all obligations under the GDPR for the processing of Insights data, including fulfilling the right to information about data processing and the right to erasure. If you assert your data subject rights regarding Insights data against us, we are contractually obliged to forward all relevant information about such requests to LinkedIn within 3 days.

Further information on LinkedIn Page Insights and our joint responsibility for data processing with LinkedIn can be found here: https://legal.linkedin.com/pages-joint-controller-addendum

Further information on LinkedIn's use of data, as well as settings and objection options, can be found on LinkedIn's websites: https://de.linkedin.com/legal/privacy-policy

Our legal basis for the use of the LinkedIn company page is our legitimate interest (Art 6 para 1 lit f GDPR) in up-to-date customer communication and application processes.

In the course of an application procedure, we process your application documents sent by you in order to take steps at the request of the data subject prior to entering into a contract (Art 6 Para 1 lit b GDPR).

6. Inquiries and customer contact via the website

If you contact us via the contact options provided on the website, we process the personal data you provide (name, e-mail address, telephone number and enquiry data) in order to answer your enquiry, to send information material about our products and to maintain customer contact.

The processing of your data is necessary for the performance of a contract or in order to take steps at the request of the data subject prior to entering into a contract (Article 6 para 1 lit b GDPR).

For the management of your above-mentioned data, we use a customer data management system that is operated by a service provider commissioned by us as processor. We contractually obliged our service provider to store all data within the European Union. 

We will delete your data if the data is no longer necessary in relation to the purposes for which they were collected or otherwise processed. Depending on the type of enquiry, statutory retention periods may apply (e.g. 7 years for business letters).

7. Processing of applicants’ data

You have the option to send us your job application by e-mail. In the course of an application procedure, the application documents sent by you will be processed. The processing is necessary in order to take steps at the request of the data subject prior to entering into a contract (Art 6 para 1 lit b GDPR).

The information you provide may also be processed for the conclusion of the employment contract. The data will not be passed on to third parties unless there is a right or duty to do so.

We store your applicant data for the purpose of defending any legal claims for discrimination upon the establishment of an employment relationship for a period of 6 months as well as an appropriate period of a follow-up of one month from the end of the application process or from the rejection of an application (pursuant to § 15 para 1, § 29 para 1 GlBG as well as § 7k para 1 in conjunction with para 2 Z 1 BEinstG and DSB decision DSB-D123.085/0003-DSB/2018) with regard to the application documents and for a period of 3 years for the purpose of defending any legal claims for harassment when establishing an employment relationship (pursuant to § 15 para 1, § 29 para 1 GlBG) from the rejection of the application with regard to documents from the application process (e.g. minutes of the job interview) and the rejection.

8. PEP & Sanctions Check

The careful selection of employees is very important to our company. Additional security measures are required, especially in the banking sector. In order to meet the highest security standards, we carry out a PEP & Sanctions Check after a successful application but before future employees are hired. Within the scope of the PEP & Sanctions Check, we examine whether a person is a politically exposed person as defined in Section 2 (6) of the Financial Market Money Laundering Act (FM-GwG) and whether economic and/or legal restrictions have been imposed on a person. In order to ensure that the highest security standards are maintained during the period of employment, we conduct an annual PEP & Sanctions Check for each employee.

We work for clients in the financial sector who are subject to the provisions of DIRECTIVE (EU) 2015/849 on the prevention of the use of the financial system for the purpose of money laundering and terrorist financing in relation to their activities. In order to comply with their legal obligations, these principals require us to conduct a PEP & Sanctions Check on applicants prior to entering into employment contracts. Without carrying out the PEP & Sanctions Check, we would not be able to provide our services to our clients. The processing of this personal data is therefore necessary to protect our legitimate interests as well as the legitimate interests of our clients (Art 6 para 1 lit f GDPR).

We process the following categories of data for this purpose:

  a) Name
  b) Address
  c) Date of birth
  d) the presence of a politically exposed person, and
  e) Existence of economic and/or legal restrictions against a person.

As part of the query, we pass on your data (name, address, date of birth) to CRIF GmbH, Rothschildplatz 3/Top 3.06.B, A-1020 Vienna and CRIF AG, Hagenholzstrasse 81, CH-8050 Zurich, and obtain the above-mentioned information from the PEP & Sanctions Check from these sources.

With regard to the transfer of personal data to Switzerland, there is a legally valid adequacy decision of the European Commission of 26.07.2000 (file number C(2000) 2304) by which it was established that Switzerland ensures an adequate level of protection with regard to the protection of personal data transferred from the EU to Switzerland.

The results of the PEP Check will be stored by us for documentation purposes and deleted three years after termination of the employment relationship, unless there are longer retention obligations under labour law, company law or tax law.

9. Rights of the user

Upon written or textual request, information about the personal data stored about the user can be obtained (Right of access, Art 15 GDPR). It is possible to have the personal data corrected (Right to rectification, Art 16 GDPR) or deleted (Right to erasure, Art 17 GDPR) by the controller as well as to object to the data processing (Right to object, Art 21 GDPR), to demand a restriction of the processing (Right to restriction, Art 18 GDPR) and to assert the right to data portability (Right to data portability, Art 20 GDPR). If the processing of your data is based on consent, you have the right to withdraw this consent at any time (Art 7 para 3 GDPR). The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. 

Your requests can be sent by e-mail to datenschutz@credi2.com or in writing to Credi2 GmbH, Mariahilfer Straße 41-43/B6, A-1060 Vienna. You can also contact our data protection officer directly by e-mail: datenschutz@credi2.com

If you are of the opinion that the processing of your personal data violates data protection law or that your data protection rights have been violated, you have the right to complain to the supervisory authority. In Austria, the data protection authority (Datenschutzbehörde), Barichgasse 40-42, A-1030 Vienna, www.dsb.gv.at, is responsible.

10. Amendments

This privacy policy is part of the website www.credi2.com. Credi2 reserves the right to modify it from time to time and to adapt it to technical and legal developments.